Securing your e-mail

You protect and secure your e-mail address on your own domain name on two levels:

1. Protecting your own mailbox

Why is the content of your mailbox important?

It goes without saying that you must protect your mailbox. It often contains important information: the confirmation of purchases or reservations, a ticket for an event or a trip, etc. But the personal information in your mailbox is also worth money. In fact, hackers can use it in a phishing attack to gain the user's trust.

Take these measures:

  • Choose a strong password to log into your e-mail account.
  • Better yet, work with two-step verification.
  • Use a separate password for your e-mail that you don't use anywhere else.
  • Is remembering all those strong passwords getting to be too much for you? Use a Password Manager.
  • Don't forget to password protect your smartphone or tablet as well.
  • Make sure your computer is up to date, with all security updates done.
  • Don't check your e-mail via Webmail over open Wi-Fi when you are on the move.

2. Prevent others from misusing your e-mail address

It is very easy to create a mail account in an e-mail program and enter a fake e-mail address as the sender. Spammers also use this vulnerability in e-mail to hide their own address.

What is the danger?

If they misuse your e-mail address based on your domain name, there is a danger that your domain name will get the bad reputation of a spammer. Your real e-mails would then be stopped by spam filters.

You can prevent this misuse by taking certain measures. At the same time, you protect your recipients, who will no longer receive fake e-mails in your name, provided that you have a mailbox with an e-mail server on your domain name.

Measure 1: Create an SPF record

Your domain name has several settings, such as its 'records', which determine what servers on the internet should do with traffic for your domain name. You can create records to direct a visitor to your website, e-mails to your mailbox, and so on.

One of these is the Sender Policy Framework record, or "SPF record" for short, which states through which e-mail servers your e-mails may be sent. If a spam filter with SPF protection detects an e-mail coming from your domain name but sent via a different mail server than the ones in the SPF record, the spam filter knows that something is wrong and will put that fraudulent mail in the spam folder.

That SPF record applies to your entire domain name, so you don't have to create a separate SPF record for each e-mail address on your domain name.

Measure 2: Sign your e-mails with DKIM

With DomainKeys Identified Mail, or DKIM for short, your outgoing e-mails are signed with a Domain Key. Configured at the DNS level, this cryptographic signature allows your recipient's e-mail servers to verify that the mail was actually sent from your own server without the message being altered along the way. This guarantees the authenticity of your mail and prevents it from being marked as spam.

Measure 3: Devise a DMARC policy

Domain-based Message Authentication, Reporting and Conformance, or DMARC for short, is a free and open technical specification that lets you determine what receiving e-mail servers should do with e-mails that appear to come from your domain name.

A policy can be conveyed to the receiving mail server in DNS by means of a DMARC record. It states, for example, what to do if the DKIM signature is incorrect or if SPF fails. Options include rejecting the e-mail or placing it in quarantine.

The result is put in the header as "authentication results". The e-mail server will carry out the instructions contained in the DMARC policy, e.g. allow the e-mail to pass if the results are correct, or quarantine it if they are not.

DMARC is not an e-mail authentication protocol itself. It leaves that task to two authentication standards: SPF and DKIM.

Tip: Discover the secrets of SPF, DKIM and DMARC

The "make all headers visible" option in your e-mail program will give you an insight into these authentication stages. Look for the Received-SPF, DKIM-Signature and Authentication-Results headers; the last one records the decision made based on the DMARC instructions.
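The header check described in this tip can also be scripted. The following is an added example, not part of the original page: it reads the Authentication-Results header of a message and reports the SPF, DKIM and DMARC verdicts. The two sample messages are constructed, and example.com, mx.example.net and the function names are assumptions.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample messages (not real mail); the domains are placeholders.
GENUINE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com header.s=sel1;
 dmarc=pass (p=quarantine) header.from=example.com
From: Alice <alice@example.com>
Subject: Your ticket

Hello
"""
SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=example.com;
 dkim=none;
 dmarc=fail (p=quarantine) header.from=example.com
From: Alice <alice@example.com>
Subject: Urgent invoice

Hello
"""

def auth_results(raw):
    """Return the spf/dkim/dmarc verdicts recorded in Authentication-Results."""
    msg = message_from_string(raw, policy=default)
    results = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    # Only trust a header added by your own receiving server; a sender can insert a fake one.
    for header in msg.get_all("Authentication-Results", []):
        text = re.sub(r"\([^)]*\)", "", str(header))   # drop (comments)
        for clause in text.split(";")[1:]:             # first field names the checking server
            m = re.match(r"\s*(\w+)\s*=\s*(\w+)", clause)
            if not m:
                continue
            method, verdict = m.group(1).lower(), m.group(2).lower()
            # A message can carry several DKIM signatures; one pass is enough.
            if method in results and results[method] != "pass":
                results[method] = verdict
    return results

def needs_review(raw):
    """True when the receiving server did not record a DMARC pass."""
    return auth_results(raw)["dmarc"] != "pass"

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, auth_results(raw), "review" if needs_review(raw) else "ok")
```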

You usually set an SPF record, DKIM string and DMARC policy in your hosting provider's control panel. Ask that provider for instructions or to set it up for you.